CVE-2018-20671

CVE-2018-20671 affects GNU Binutils up to version 2.31.1, where load_specific_debug_section in objdump.c may overflow an integer, triggering a heap-based buffer overflow via a crafted section size. Connected docs confirm the same description in Astra Linux security bulletin and related advisories...

CVE-2018-20671

loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...

CVE-2018-20671

loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...

CVE-2018-20657

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service memory consumption, as demonstrated by cxxfilt, a related issue to CVE-2018-12698...

CVE-2018-20657

CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...

CVE-2018-20657

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service memory consumption, as demonstrated by cxxfilt, a related issue to CVE-2018-12698...

GNU Binutils Null Pointer Dereference Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

GNU Binutils 'error' function heap buffer overflow vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A heap buffer overflow vulnerability...

CVE-2018-20651

A NULL pointer dereference was discovered in elflinkaddobjectsymbols in elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31.1. This occurs for a crafted ETDYN with no program headers. A specially crafted ELF file allows remote attackers to cause a...

CVE-2018-20651

A NULL pointer dereference was discovered in elflinkaddobjectsymbols in elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31.1. This occurs for a crafted ETDYN with no program headers. A specially crafted ELF file allows remote attackers to cause a...

CVE-2018-20651

A NULL pointer dereference was discovered in elflinkaddobjectsymbols in elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31.1. This occurs for a crafted ETDYN with no program headers. A specially crafted ELF file allows remote attackers to cause a...

Design/Logic Flaw

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

CVE-2018-20623

CVE-2018-20623 affects GNU Binutils 2.31.1. A use-after-free in elfcomm.c: error() when called from readelf.c:process_archive via a crafted ELF can cause a crash. This is echoed in the Astra Linux bulletin. No exploitation details or patch/version fixes are provided in the supplied documents; rem...

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

GNU Binutils 'libbfd' Integer Overflow Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. An integer overflow vulnerability exis...

Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in GNU binutils. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-13033 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an error in the bfdelfparseattributes in elf-attrs.c and bfdmalloc in...

CVE-2018-20002

The bfdgenericreadminisymbols function in syms.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service memory consumption, as demonstrated by nm...